vyatta-cfg-firewall (1.2.6) unstable; urgency=low * New release. -- VyOS maintainers Fri, 11 Sep 2020 04:30:50 +0300 vyatta-cfg-firewall (1.2.5) unstable; urgency=low * New release. -- VyOS maintainers Mon, 09 Mar 2020 18:45:13 +0200 vyatta-cfg-firewall (1.2.4) unstable; urgency=low * New release. -- VyOS maintainers Tue, 10 Dec 2019 23:40:05 +0200 vyatta-cfg-firewall (1.2.0-1) unstable; urgency=medium * New release. -- Daniil Baturin Sat, 26 Jan 2019 23:16:15 +0100 vyatta-cfg-firewall (0.14.0+vyos2+current2) unstable; urgency=medium * T59: Inspect action still exists in firewall and should be removed -- hagbard Fri, 26 Oct 2018 11:54:38 -0700 vyatta-cfg-firewall (0.14.0+vyos2+current1) unstable; urgency=medium [ Thomas Jepp ] * Fix build depends. * Fix runtime depends. [ Kim Hagen ] -- Kim Hagen Sun, 24 Jan 2016 15:00:40 -0500 vyatta-cfg-firewall (0.14.0+vyos2+lithium16) unstable; urgency=low [ Alex Harpin ] * vyatta-cfg-firewall: update network-group check to allow "this" network * vyatta-cfg-firewall: formatting changes for style consistency -- Alex Harpin Sat, 12 Dec 2015 20:13:00 +0000 vyatta-cfg-firewall (0.14.0+vyos2+lithium15) unstable; urgency=low [ Alex Harpin ] * vyatta-cfg-firewall: drop executable permissions on node.defs * vyatta-cfg-firewall: check rules for errors before processing them * vyatta-cfg-firewall: formatting changes for style consistency * vyatta-cfg-firewall: update nfct commands to use the new syntax -- Alex Harpin Sun, 29 Nov 2015 18:51:08 +0000 vyatta-cfg-firewall (0.14.0+vyos2+lithium14) unstable; urgency=low [ Alex Harpin ] * vyatta-cfg-firewall: temporarily disable p2p option in firewall config -- Alex Harpin Sat, 24 Oct 2015 11:29:12 +0100 vyatta-cfg-firewall (0.14.0+vyos2+lithium13) unstable; urgency=low * vyatta-cfg-firewall: add port 1536 to the initial ct helper chain -- Alex Harpin Wed, 24 Jun 2015 08:13:39 +0100 vyatta-cfg-firewall (0.14.0+vyos2+lithium12) unstable; urgency=low * vyatta-cfg-firewall: update dh_gencontrol with new development flag -- Alex Harpin Mon, 15 Jun 2015 08:16:45 +0100 vyatta-cfg-firewall (0.14.0+vyos2+lithium11) unstable; urgency=low * Missing comma in gen-interface-templates script interface hash. -- Daniil Baturin Thu, 14 May 2015 15:40:27 +0200 vyatta-cfg-firewall (0.14.0+vyos2+lithium10) unstable; urgency=low [ Carl Byington ] * add firewall config for vrrp interfaces * add firewall config for vrrp interfaces * add interfaces/vti//policy add interfaces/ethernet//vrrp/vrrp-group/policy remove interfaces/ethernet//pppoa * fix syntax error from sorting * fix syntax error from sorting * http://bugzilla.vyos.net/show_bug.cgi?id=494 [ Daniil Baturin ] -- Daniil Baturin Sun, 03 May 2015 23:42:07 +0200 vyatta-cfg-firewall (0.14.0+vyos2+lithium9) unstable; urgency=low * Bug #406: display uncommited firewall group names in completion. -- Daniil Baturin Sun, 03 May 2015 20:26:36 +0200 vyatta-cfg-firewall (0.14.0+vyos2+lithium8) unstable; urgency=low * Sanitize the package. -- Daniil Baturin Thu, 09 Apr 2015 01:01:41 +0200 vyatta-cfg-firewall (0.14.0+vyos2+lithium7) unstable; urgency=low [ kouak ] * Add SNPT and DNPT firewall hooks and load ip6t_NPT kernel module (#387) [ Daniil Baturin ] -- Daniil Baturin Tue, 17 Feb 2015 09:55:08 +0100 vyatta-cfg-firewall (0.14.0+vyos2+lithium6) unstable; urgency=low * Bug #487: complete names for added but not commited firewall rulesets. -- Daniil Baturin Sat, 14 Feb 2015 20:45:34 +0100 vyatta-cfg-firewall (0.14.0+vyos2+lithium5) unstable; urgency=low * Update maintainer address -- Alex Harpin Thu, 25 Dec 2014 14:11:08 +0000 vyatta-cfg-firewall (0.14.0+vyos2+lithium4) unstable; urgency=low * Force release -- Alex Harpin Mon, 15 Dec 2014 19:19:07 +0000 vyatta-cfg-firewall (0.14.0+vyos2+lithium3) unstable; urgency=low [ William Steve Applegate ] * Fix missing autogenerated chain for IPv6 policy routing. [ Daniil Baturin ] -- Daniil Baturin Fri, 21 Nov 2014 18:56:33 +0100 vyatta-cfg-firewall (0.14.0+vyos2+lithium2) unstable; urgency=low * New branch -- Daniil Baturin Tue, 18 Nov 2014 18:49:38 +0100 vyatta-cfg-firewall (0.14.0+vyos2+lithium1) unstable; urgency=low * New branch -- Daniil Baturin Tue, 18 Nov 2014 18:48:30 +0100 vyatta-cfg-firewall (0.13.91+vyos1+helium8) unstable; urgency=low * Add VXLAN to generated templates. -- Daniil Baturin Sat, 20 Sep 2014 10:09:34 +0200 vyatta-cfg-firewall (0.13.91+vyos1+helium7) unstable; urgency=low * Bug #115: disallow reserved firewall names in CLI validation. -- Daniil Baturin Sat, 02 Aug 2014 02:25:10 +0200 vyatta-cfg-firewall (0.13.91+vyos1+helium6) unstable; urgency=low * Bug #128: do not call ipset for every port/address in range. -- Daniil Baturin Sat, 02 Aug 2014 00:07:08 +0200 vyatta-cfg-firewall (0.13.91+vyos1+helium5) unstable; urgency=low * Bug #45: add port range validation script. * Bug #45: add port range validation to firewall templates. -- Daniil Baturin Fri, 01 Aug 2014 22:15:54 +0200 vyatta-cfg-firewall (0.13.91+vyos1+helium4) unstable; urgency=low [ Daniil Baturin ] * Bug #144: change priorities so route policy is after firewall groups [ Kim Hagen ] * Add QinQ to interfaces in template generators. * Add QinQ to interfaces in template generators node hashes. * Set separate virual interface for QinQ. [ Daniil Baturin ] * Bug #108: add an option to enable RFC1337 TCP TIME-WAIT hazards protection -- Daniil Baturin Thu, 31 Jul 2014 20:59:45 +0200 vyatta-cfg-firewall (0.13.91+vyos1+helium3) unstable; urgency=low * Bug #170: add L2TPv3 interface type to policy template generator. -- Daniil Baturin Sun, 06 Apr 2014 15:52:12 +0200 vyatta-cfg-firewall (0.13.91+vyos1+helium2) unstable; urgency=low * Bug #170: add L2TPv3 interface type to firewall templates generator. -- Daniil Baturin Sun, 06 Apr 2014 15:48:20 +0200 vyatta-cfg-firewall (0.13.91+vyos1+helium1) unstable; urgency=low * New branch -- Daniil Baturin Sat, 15 Feb 2014 16:06:21 +0100 vyatta-cfg-firewall (0.13.91+hydrogen1) unstable; urgency=low * New branch -- Daniil Baturin Sun, 17 Nov 2013 00:08:19 +0100 vyatta-cfg-firewall (0.13.91+daisy7) unstable; urgency=low * Add config node for firewall config change trap * Add script to generate traps * Enable generation of SNMP traps on firewall config changes -- James Davidson Mon, 10 Jun 2013 08:45:42 -0700 vyatta-cfg-firewall (0.13.91+daisy6) unstable; urgency=low * Fixing 8622 -- Gaurav Sinha Tue, 22 Jan 2013 16:39:42 -0800 vyatta-cfg-firewall (0.13.91+daisy5) unstable; urgency=low * fix for 8492. Don't declare error and bail out on attempt to deletion of ipset. -- Gaurav Sinha Wed, 21 Nov 2012 16:24:23 -0800 vyatta-cfg-firewall (0.13.91+daisy4) unstable; urgency=low * Fix rc usage as per ispet_delete and other commands -- Gaurav Sinha Tue, 20 Nov 2012 10:36:29 -0800 vyatta-cfg-firewall (0.13.91+daisy3) unstable; urgency=low * Bugfix 7613: cleanup firewall groups correctly -- John Southworth Mon, 19 Nov 2012 13:15:09 -0800 vyatta-cfg-firewall (0.13.91+daisy2) unstable; urgency=low * initial script for reset firewall group command * reset functions for named ipset rule implementation with commit lock * added reset all groups functions * Add warning prompt before doing reset * Add signal handler to handle CTRL+C to avoid commit blockade on lock file * Add show functions for allowed scripts for firewall groups -- Gaurav Sinha Mon, 19 Nov 2012 12:33:39 -0800 vyatta-cfg-firewall (0.13.91+daisy1) unstable; urgency=low * create daisy branch -- John Southworth Sat, 13 Oct 2012 13:30:29 -0700 vyatta-cfg-firewall (0.13.91) unstable; urgency=low * new branch -- John Southworth Fri, 12 Oct 2012 19:46:43 -0700 vyatta-cfg-firewall (0.13.90) unstable; urgency=low * PBR: config command validations, help strings etc. cleaned up and -- susheela Sat, 06 Oct 2012 15:09:36 -0700 vyatta-cfg-firewall (0.13.89) unstable; urgency=low [ Bharat ] * Bug 8200: Changed gred to not display shim6 [ bharat ] -- bharat Thu, 04 Oct 2012 11:55:24 -0700 vyatta-cfg-firewall (0.13.88) unstable; urgency=low * Bug 8348: policy route <> rule <> action, 'modify' shouldn't be allowed -- Robert Bays Thu, 13 Sep 2012 16:53:57 -0700 vyatta-cfg-firewall (0.13.87) unstable; urgency=low * 8330: return rule number in error message -- Gaurav Sinha Thu, 13 Sep 2012 09:42:12 -0700 vyatta-cfg-firewall (0.13.86) unstable; urgency=low * Fixing 3167, mandate multiport values after single port, remove misleading error message -- Gaurav Sinha Fri, 07 Sep 2012 17:22:05 -0700 vyatta-cfg-firewall (0.13.85) unstable; urgency=low * reserve upper table numbers for future use -- Robert Bays Wed, 05 Sep 2012 15:32:06 -0700 vyatta-cfg-firewall (0.13.84) unstable; urgency=low * initial checkin for pbr functionality * update script executable permissions * lower priority on policy route node so it is run before interfaces * Add val_help for table numbers * Table should be between 1-250, not 1-249. * changes to policy tables to add accept * populate firewall policy tables based on refcount * add support for main table -- Robert Bays Wed, 05 Sep 2012 14:26:40 -0700 vyatta-cfg-firewall (0.13.83) unstable; urgency=low * fix 8200, don't allow shim6 in allowed list of ipv4 protocols for firewall -- Gaurav Sinha Wed, 29 Aug 2012 17:03:52 -0700 vyatta-cfg-firewall (0.13.82) unstable; urgency=low * add conntrack raw table ignore chain * move CT_IGNORE chain up, first in raw table -- Gaurav Sinha Wed, 22 Aug 2012 17:42:02 -0700 vyatta-cfg-firewall (0.13.81) unstable; urgency=low * Bugfix 8271: Remove Vestigial VRRP hooks. The implementation changed and these are no longer needed. * 0.13.80 -- John Southworth Thu, 09 Aug 2012 16:53:27 -0700 vyatta-cfg-firewall (0.13.80) unstable; urgency=low * Bugfix 8271: Remove Vestigial VRRP hooks. The implementation changed and these are no longer needed. -- John Southworth Thu, 09 Aug 2012 16:53:20 -0700 vyatta-cfg-firewall (0.13.79) unstable; urgency=low * Bugfix 8217: VTI: add firewall cfg commands under interfaces vti * 0.13.78 -- Saurabh Mohan Thu, 09 Aug 2012 14:01:58 -0700 vyatta-cfg-firewall (0.13.78) unstable; urgency=low * Bugfix 8217: VTI: add firewall cfg commands under interfaces vti -- Saurabh Mohan Thu, 09 Aug 2012 13:29:07 -0700 vyatta-cfg-firewall (0.13.77) unstable; urgency=low * fixing 8173: moving CT_HELPER chain just before CTTIMEOUT -- Gaurav Sinha Fri, 22 Jun 2012 15:21:31 -0700 vyatta-cfg-firewall (0.13.76) unstable; urgency=low * fix 8112 -- Gaurav Sinha Mon, 18 Jun 2012 15:13:32 -0700 vyatta-cfg-firewall (0.13.75) unstable; urgency=low * Bugfix 8042: increase number of firewall groups to a reasonable number -- John Southworth Fri, 08 Jun 2012 14:02:27 -0700 vyatta-cfg-firewall (0.13.74) unstable; urgency=low * Adding functions to conditionally add CT_HELPER chain and remove when not in use, neither by FW nor by NAT. -- Gaurav Sinha Thu, 07 Jun 2012 22:17:09 -0700 vyatta-cfg-firewall (0.13.73) unstable; urgency=low * create CT_HELPER chain in PREROUTING and OUTPUT * don't add CTHELPER chain by default on boot. add when needed. * create nfct helper policies and prepare VYATTA_CT_HELPER chain -- Gaurav Sinha Wed, 06 Jun 2012 21:47:45 -0700 vyatta-cfg-firewall (0.13.72) unstable; urgency=low * Remove sudo from port-group syntax check call -- John Southworth Sun, 03 Jun 2012 12:16:21 -0700 vyatta-cfg-firewall (0.13.71) unstable; urgency=low * Make firewall syntax checks use the vyatta-util library -- John Southworth Sat, 02 Jun 2012 21:05:27 -0700 vyatta-cfg-firewall (0.13.70) unstable; urgency=low * No need to have vrrp specific interface templates anymore -- John Southworth Tue, 15 May 2012 20:43:09 -0700 vyatta-cfg-firewall (0.13.69) unstable; urgency=low * service names with hyphen need to be escaped using square brackets. -- Gaurav Sinha Mon, 30 Apr 2012 16:13:31 -0700 vyatta-cfg-firewall (0.13.68) unstable; urgency=low * fixing 7998 -- Gaurav Sinha Mon, 16 Apr 2012 11:12:28 -0700 vyatta-cfg-firewall (0.13.67) unstable; urgency=low * include CT_TIMEOUT chain for conntrack timeouts. -- Gaurav Fri, 23 Mar 2012 18:18:39 -0700 vyatta-cfg-firewall (0.13.66) unstable; urgency=low * new branch -- Deepti Kulkarni Sat, 03 Mar 2012 02:25:26 -0800 vyatta-cfg-firewall (0.13.65) unstable; urgency=low * 7047:use DEFLT instead of default -- Gaurav Wed, 29 Feb 2012 15:59:30 -0800 vyatta-cfg-firewall (0.13.64) unstable; urgency=low * fixing 7047 -- Gaurav Wed, 29 Feb 2012 13:51:06 -0800 vyatta-cfg-firewall (0.13.63) unstable; urgency=low * Bug Fix for 7751, 7753, 7757 -- Mohit Mehta Fri, 24 Feb 2012 19:11:48 -0800 vyatta-cfg-firewall (0.13.62) unstable; urgency=low * Fix help string of state-policy for related connections -- Mohit Mehta Fri, 06 Jan 2012 11:37:16 -0800 vyatta-cfg-firewall (0.13.61) unstable; urgency=low * Create VRRP output filter to filter IGMP from vmac interfaces -- John Southworth Tue, 27 Dec 2011 10:32:23 -0800 vyatta-cfg-firewall (0.13.60) unstable; urgency=low * Setup filter for VRRP vmac interfaces -- John Southworth Mon, 12 Dec 2011 15:18:47 -0800 vyatta-cfg-firewall (0.13.59) unstable; urgency=low * Add vrrp interface parameters for bonding vifs -- John Southworth Fri, 02 Dec 2011 11:24:59 -0800 vyatta-cfg-firewall (0.13.58) unstable; urgency=low * Warn users when stateful rules are set with state-policy configured -- Mohit Mehta Fri, 02 Dec 2011 03:58:22 -0800 vyatta-cfg-firewall (0.13.57) unstable; urgency=low [ Daniil Baturin ] * Remove conntrack-related templates from firewall * Remove remaining conntrack-related templates. * Remove conntrack modprobe config file (will be in vyatta-conntrack now). * Delete conntrack modprobe config file from automake rules. [ John Southworth ] * generate firewall templates for vrrp interfaces -- John Southworth Thu, 01 Dec 2011 16:54:09 -0800 vyatta-cfg-firewall (0.13.56) unstable; urgency=low * Bug 6063 ENH: Provide option(s) to globally allow stateful return traffic -- Mohit Mehta Thu, 01 Dec 2011 05:38:33 -0800 vyatta-cfg-firewall (0.13.55) unstable; urgency=low * Move check-params-on-reboot script for conntrack hash size to -- Daniil Baturin Thu, 24 Nov 2011 01:05:16 +0700 vyatta-cfg-firewall (0.13.54) unstable; urgency=low * Remove conntrack-related code from firewall top level template -- Daniil Baturin Tue, 08 Nov 2011 04:15:53 +0700 vyatta-cfg-firewall (0.13.53) unstable; urgency=low * Force release -- Daniil Baturin Sat, 05 Nov 2011 06:16:01 +0700 vyatta-cfg-firewall (0.13.52) unstable; urgency=low * Remove conntrack-related templates from firewall * Remove remaining conntrack-related templates. * Remove conntrack modprobe config file (will be in vyatta-conntrack now). * Change firewall version from 4 to 5. * Fix automake rules to reflect version change and removal of conntrack modprobe config. -- Daniil Baturin Sat, 05 Nov 2011 06:14:59 +0700 vyatta-cfg-firewall (0.13.51) unstable; urgency=low * Add support for vif on pseudo-ethernet * fix duplicate definiton in Makefile * Add dependency on version of vyatta-cfg-system -- Stephen Hemminger Thu, 03 Nov 2011 14:41:47 -0700 vyatta-cfg-firewall (0.13.50) unstable; urgency=low [ Stig ] * Fix Bug 7477 firewall group negation doesn't work in vc6.3 [ Mohit Mehta ] -- Mohit Mehta Mon, 29 Aug 2011 14:44:37 -0700 vyatta-cfg-firewall (0.13.49) unstable; urgency=low * Fix README -- Mohit Mehta Mon, 18 Jul 2011 19:02:05 -0700 vyatta-cfg-firewall (0.13.48) unstable; urgency=low * Fix Bug 7340 Unable to apply modify firewall to interface when zone policy exists -- Mohit Mehta Fri, 15 Jul 2011 12:04:29 -0700 vyatta-cfg-firewall (0.13.47) unstable; urgency=low * new branch -- Deepti Kulkarni Thu, 07 Jul 2011 20:55:14 -0700 vyatta-cfg-firewall (0.13.46) unstable; urgency=low * add "two-stage commit" equivalent to previous fix for bug 5227. -- An-Cheng Huang Fri, 20 May 2011 12:17:44 -0700 vyatta-cfg-firewall (0.13.45) unstable; urgency=low * modify firewall groups to work with new commit -- An-Cheng Huang Tue, 10 May 2011 09:22:01 +0800 vyatta-cfg-firewall (0.13.44) unstable; urgency=low * * Fix Bug 6915 conntrack-hash-size reverts to default after upgrade -- Mohit Mehta Mon, 18 Apr 2011 18:17:25 -0700 vyatta-cfg-firewall (0.13.43) unstable; urgency=low * more ipset 6.0 change -- An-Cheng Huang Mon, 07 Mar 2011 11:42:28 -0800 vyatta-cfg-firewall (0.13.42) unstable; urgency=low * changes for ipset 6.0 -- An-Cheng Huang Fri, 04 Mar 2011 19:14:31 -0800 vyatta-cfg-firewall (0.13.41) unstable; urgency=low * Partial fix for bug 6759 serial packages are incorrectly included in virt ISO -- Mohit Mehta Wed, 02 Feb 2011 12:05:35 -0800 vyatta-cfg-firewall (0.13.40) unstable; urgency=low * Fix Bug 6292 iptables chain-name must be reduced to 28 characters max -- Mohit Mehta Mon, 10 Jan 2011 17:36:06 -0800 vyatta-cfg-firewall (0.13.39) unstable; urgency=low * new branch -- An-Cheng Huang Tue, 28 Dec 2010 13:47:02 -0800 vyatta-cfg-firewall (0.13.38) unstable; urgency=low * Fix help text for firewall interface rules -- Stephen Hemminger Mon, 06 Dec 2010 17:08:10 -0800 vyatta-cfg-firewall (0.13.37) unstable; urgency=low * Fix help text in generated templates -- Stephen Hemminger Fri, 03 Dec 2010 13:48:09 -0800 vyatta-cfg-firewall (0.13.36) unstable; urgency=low * Fix 6442: Request to remove "Error: ipt_disable_conntrack failed to find -- Stig Thormodsrud Mon, 29 Nov 2010 17:27:49 -0800 vyatta-cfg-firewall (0.13.35) unstable; urgency=low * Show if logging is enabled on the default action. -- Stig Thormodsrud Mon, 29 Nov 2010 15:01:47 -0800 vyatta-cfg-firewall (0.13.34) unstable; urgency=low * Use regex to test for name length rather than wc program -- Stephen Hemminger Wed, 24 Nov 2010 09:12:43 -0800 vyatta-cfg-firewall (0.13.33) unstable; urgency=low * Updated to change in error location api. -- Michael Larson Tue, 16 Nov 2010 09:36:48 -0800 vyatta-cfg-firewall (0.13.32) unstable; urgency=low * Fix Bug 6421 cannot set content-inspection in the same -- Mohit Mehta Thu, 11 Nov 2010 18:09:13 -0800 vyatta-cfg-firewall (0.13.31) unstable; urgency=low * Fix 5247: Firewall groups CLI becomes out of sync with ipset when sets and deletes are contained within a single commit -- Stig Thormodsrud Sat, 30 Oct 2010 13:20:25 -0700 vyatta-cfg-firewall (0.13.30) unstable; urgency=low * use single variable to reference firewall IN and OUT hooks * add local hook setup/tear for filter table similar to in|out hooks -- Mohit Mehta Tue, 19 Oct 2010 18:59:56 -0700 vyatta-cfg-firewall (0.13.29) unstable; urgency=low * Change snort queue target use default queue. -- Stig Thormodsrud Fri, 15 Oct 2010 18:16:38 -0700 vyatta-cfg-firewall (0.13.28) unstable; urgency=low * Fix 6296: "iptables: No chain..." message when committing the firewall group configuration. -- Stig Thormodsrud Fri, 15 Oct 2010 16:38:25 -0700 vyatta-cfg-firewall (0.13.27) unstable; urgency=low * missing paren -- root Fri, 15 Oct 2010 16:09:48 -0700 vyatta-cfg-firewall (0.13.26) unstable; urgency=low * additional errors w/ location of error. -- root Fri, 15 Oct 2010 15:08:19 -0700 vyatta-cfg-firewall (0.13.25) unstable; urgency=low [ Stephen Hemminger ] * Use Sys::Syslog to avoid calling logger excessively [ Stig Thormodsrud ] * Add Iptables::Mgr route to get queue target. -- Stig Thormodsrud Thu, 14 Oct 2010 14:11:01 -0700 vyatta-cfg-firewall (0.13.24) unstable; urgency=low * Fix dependency on sysklogd * Fix dependency on virtual-package -- Stephen Hemminger Thu, 07 Oct 2010 11:41:43 -0700 vyatta-cfg-firewall (0.13.23) unstable; urgency=low * move chain_referenced function to Mgr.pm module -- Mohit Mehta Fri, 01 Oct 2010 11:32:43 -0700 vyatta-cfg-firewall (0.13.22) unstable; urgency=low * * move count_iptables_rule to Iptables::Mgr and update it's usage -- Mohit Mehta Tue, 21 Sep 2010 21:16:45 -0700 vyatta-cfg-firewall (0.13.21) unstable; urgency=low * * separate out post fw hooks for IN, FWD, OUT. Use count_iptables_rule from lib -- Mohit Mehta Tue, 21 Sep 2010 17:35:13 -0700 vyatta-cfg-firewall (0.13.20) unstable; urgency=low * rename existing file no matter what; don't need the -n flag -- Mohit Mehta Mon, 13 Sep 2010 15:34:09 -0700 vyatta-cfg-firewall (0.13.19) unstable; urgency=low * Fix bug 6149 Warning on boot because of modprobe config file names -- Mohit Mehta Mon, 13 Sep 2010 15:03:33 -0700 vyatta-cfg-firewall (0.13.18) unstable; urgency=low * Fix Bug 6149 Warning on boot because of modprobe config file names -- Mohit Mehta Mon, 13 Sep 2010 14:07:16 -0700 vyatta-cfg-firewall (0.13.17) unstable; urgency=low * Fix Bug 5309 Allow modifyining TCP MSS option -- Mohit Mehta Fri, 10 Sep 2010 16:49:42 -0700 vyatta-cfg-firewall (0.13.16) unstable; urgency=low * add Replaces field for vyatta-cfg-firewall-serial -- An-Cheng Huang Wed, 08 Sep 2010 11:33:31 -0700 vyatta-cfg-firewall (0.13.15) unstable; urgency=low * Split serial templates into separate package -- Stephen Hemminger Tue, 07 Sep 2010 08:54:41 -0700 vyatta-cfg-firewall (0.13.14) unstable; urgency=low * UNRELEASED -- An-Cheng Huang Thu, 02 Sep 2010 18:28:11 -0700 vyatta-cfg-firewall (0.13.13) unstable; urgency=low * Fix 6125: iptables errors on boot up of mendocino -- Stig Thormodsrud Tue, 31 Aug 2010 16:09:26 -0700 vyatta-cfg-firewall (0.13.12) unstable; urgency=low * remove low-level config dir usage -- An-Cheng Huang Tue, 17 Aug 2010 18:24:25 -0700 vyatta-cfg-firewall (0.13.11) unstable; urgency=low * update help text to use val_help -- An-Cheng Huang Tue, 17 Aug 2010 15:31:04 -0700 vyatta-cfg-firewall (0.13.10) unstable; urgency=low [ Mohit Mehta ] * fix range in help strings for count parameter under recent * fix bug 6055 firewall rule help strings are confusing [ Stig Thormodsrud ] * Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewall -- Stig Thormodsrud Tue, 17 Aug 2010 10:58:05 -0700 vyatta-cfg-firewall (0.13.9) unstable; urgency=low * remove low-level config dir usage -- An-Cheng Huang Mon, 16 Aug 2010 18:32:41 -0700 vyatta-cfg-firewall (0.13.8) unstable; urgency=low * remove CLI backend env variables usage * get rid of lintian warnings -- An-Cheng Huang Wed, 11 Aug 2010 18:46:50 -0700 vyatta-cfg-firewall (0.13.7-94) unstable; urgency=low [ Stephen Hemminger ] * Convert firewall rules to val_help: [ Stig Thormodsrud ] * Fix 5917: FW: Max characters exceeded for ipset rule when using "set firewall group address-group" command -- Stig Thormodsrud Tue, 27 Jul 2010 15:58:57 -0700 vyatta-cfg-firewall (0.13.7-93) unstable; urgency=low * UNRELEASED -- An-Cheng Huang Thu, 22 Jul 2010 17:23:10 -0700 vyatta-cfg-firewall (0.13.7-92) unstable; urgency=low * undo verb usage at the start of help strings -- Mohit Mehta Wed, 21 Jul 2010 14:10:52 -0700 vyatta-cfg-firewall (0.13.7-91) unstable; urgency=low * Fix bug 4629 configuration limit of recent count firewall rule is 20 -- Mohit Mehta Thu, 15 Jul 2010 10:55:42 -0700 vyatta-cfg-firewall (0.13.7-90) unstable; urgency=low * Fix Bug 5744 unable to use firewall group with recent match condition -- Mohit Mehta Tue, 13 Jul 2010 18:54:01 -0700 vyatta-cfg-firewall (0.13.7-89) unstable; urgency=low * Dont tear down conntrack if the other table is using it. -- Stig Thormodsrud Sat, 12 Jun 2010 15:47:49 -0700 vyatta-cfg-firewall (0.13.7-88) unstable; urgency=low * Dont create FW_CONNTRACK if it already exists. -- Stig Thormodsrud Sat, 12 Jun 2010 15:20:36 -0700 vyatta-cfg-firewall (0.13.7-87) unstable; urgency=low * Add support for firewall enable-default-log. -- Stig Thormodsrud Fri, 11 Jun 2010 18:10:17 -0700 vyatta-cfg-firewall (0.13.7-86) unstable; urgency=low * Fix ipt_disable_conntrack() to delete correct chain. -- Stig Thormodsrud Fri, 11 Jun 2010 10:21:10 -0700 vyatta-cfg-firewall (0.13.7-85) unstable; urgency=low * Infrastruction needed for bug 5583. -- Stig Thormodsrud Thu, 10 Jun 2010 15:02:08 -0700 vyatta-cfg-firewall (0.13.7-84) unstable; urgency=low * Bugfix 5632: Add ability to configure SIP UDP port numbers. -- Bob Gilligan Mon, 31 May 2010 00:36:47 -0700 vyatta-cfg-firewall (0.13.7-83) unstable; urgency=low * need to restart conntrackd when conntrack table size changes -- Mohit Mehta Thu, 20 May 2010 19:28:57 -0700 vyatta-cfg-firewall (0.13.7-82) unstable; urgency=low * Fix Bug 5588 Add ability to modify conntrack expectation table size -- Mohit Mehta Mon, 17 May 2010 15:29:58 -0700 vyatta-cfg-firewall (0.13.7-81) unstable; urgency=low * add input interface templates * Make sure perl packages load successfully -- Stephen Hemminger Thu, 06 May 2010 16:19:09 -0700 vyatta-cfg-firewall (0.13.7-80) unstable; urgency=low * Add VYATTA_PRE_DNAT_HOOK in nat PREROUTING table. -- Stig Thormodsrud Fri, 09 Apr 2010 14:54:20 -0700 vyatta-cfg-firewall (0.13.7-79) unstable; urgency=low * Fix 5203: negation in firewall rule causes deprecation message -- Stig Thormodsrud Wed, 24 Mar 2010 17:12:32 -0700 vyatta-cfg-firewall (0.13.7-78) unstable; urgency=low * Fix firewall group parent delete while still referenced. -- Stig Thormodsrud Thu, 18 Mar 2010 19:45:24 -0700 vyatta-cfg-firewall (0.13.7-77) unstable; urgency=low * Fix 5453: can't delete "address" under "firewall group <> address- group <> " -- Stig Thormodsrud Wed, 17 Mar 2010 16:43:04 -0700 vyatta-cfg-firewall (0.13.7-76) unstable; urgency=low * Fix 5453: can't delete "address" under "firewall group <> address- group <>" -- Stig Thormodsrud Wed, 17 Mar 2010 14:32:14 -0700 vyatta-cfg-firewall (0.13.7-75) unstable; urgency=low * Fix firewall conntrack teardown. -- Stig Thormodsrud Fri, 05 Mar 2010 11:43:23 -0800 vyatta-cfg-firewall (0.13.7-74) unstable; urgency=low * UNRELEASED -- An-Cheng Huang Wed, 17 Feb 2010 16:13:01 -0800 vyatta-cfg-firewall (0.13.7-73) unstable; urgency=low * Fix 5227: firewall group config can get out of sync with ipset -- Stig Thormodsrud Mon, 15 Feb 2010 13:10:57 -0800 vyatta-cfg-firewall (0.13.7-72) unstable; urgency=low [ Stephen Hemminger ] * Remove old Xorp template [ Stig Thormodsrud ] * Fix 5326: firewall group address range wraps at 255. -- Stig Thormodsrud Fri, 12 Feb 2010 13:12:03 -0800 vyatta-cfg-firewall (0.13.7-71) unstable; urgency=low * Fix 5248: Firewall config and show commands hang when showing and committing address groups. -- Stig Thormodsrud Fri, 22 Jan 2010 15:01:46 -0800 vyatta-cfg-firewall (0.13.7-70) unstable; urgency=low * Add same restrictions to ipv6-firewall name -- Stephen Hemminger Mon, 04 Jan 2010 16:08:14 -0800 vyatta-cfg-firewall (0.13.7-69) unstable; urgency=low * Add VIF for wireless templates * Don't allow spaces or other shell-confusing characters in firewall name -- Stephen Hemminger Mon, 04 Jan 2010 15:26:19 -0800 vyatta-cfg-firewall (0.13.7-68) unstable; urgency=low * Fix Bug 5173 Firewall becomes out of sync with iptables when logging is used -- Mohit Mehta Tue, 22 Dec 2009 21:01:08 -0800 vyatta-cfg-firewall (0.13.7-67) unstable; urgency=low * added required keyword to help text. -- Michael Larson Mon, 30 Nov 2009 15:31:39 -0800 vyatta-cfg-firewall (0.13.7-66) unstable; urgency=low * dependencyupdate -- Michael Larson Fri, 13 Nov 2009 14:16:15 -0800 vyatta-cfg-firewall (0.13.7-65) unstable; urgency=low * move priority after tag nodes. -- slioch Wed, 21 Oct 2009 09:18:12 -0700 vyatta-cfg-firewall (0.13.7-64) unstable; urgency=low * add priority to node.def files. -- slioch Tue, 20 Oct 2009 16:22:22 -0700 vyatta-cfg-firewall (0.13.7-63) unstable; urgency=low * Change syntax exec to syntax pattern. -- Stig Thormodsrud Fri, 02 Oct 2009 18:18:32 -0700 vyatta-cfg-firewall (0.13.7-62) unstable; urgency=low * Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. -- Bob Gilligan Tue, 22 Sep 2009 15:54:19 -0700 vyatta-cfg-firewall (0.13.7-61) unstable; urgency=low [ rbays ] * fix for bug 4794 SIP Helper/ALG module does not translate RTP traffic... -- Mohit Mehta Mon, 31 Aug 2009 12:29:12 -0700 vyatta-cfg-firewall (0.13.7-60) unstable; urgency=low * Add templates for wireless devices -- Stephen Hemminger Thu, 20 Aug 2009 13:42:49 -0700 vyatta-cfg-firewall (0.13.7-59) unstable; urgency=low * * Fix Bug 3625 Firewall protocol option should have a selection for TCP and UDP -- Mohit Mehta Fri, 07 Aug 2009 18:56:15 -0700 vyatta-cfg-firewall (0.13.7-58) unstable; urgency=low * prevent possible situation where the two iptables rules for match condition -- Mohit Mehta Thu, 06 Aug 2009 12:01:29 -0700 vyatta-cfg-firewall (0.13.7-57) unstable; urgency=low [ Stig Thormodsrud ] * Fix 4683: Firewall Rule number maximum 1024 reached * Another attempt to fix 4760. [ Mohit Mehta ] * add tcp_udp as a valid key to hash. feature developer is responsible -- Mohit Mehta Wed, 05 Aug 2009 12:35:54 -0700 vyatta-cfg-firewall (0.13.7-56) unstable; urgency=low [ Stephen Hemminger ] * remove pseudo-ethernet vif -- Stig Thormodsrud Fri, 10 Jul 2009 16:57:49 -0700 vyatta-cfg-firewall (0.13.7-55) unstable; urgency=low * Firewall groups fail on bootup - change syntax check to commit check. * Fix negate of firewall group. -- Stig Thormodsrud Mon, 15 Jun 2009 18:11:15 -0700 vyatta-cfg-firewall (0.13.7-54) unstable; urgency=low * Fix 4581: Firewall name issue causes failed commit -- Stig Thormodsrud Sun, 14 Jun 2009 11:25:43 -0700 vyatta-cfg-firewall (0.13.7-53) unstable; urgency=low * Change syntax err msg from default-policy to default-action. -- Stig Thormodsrud Tue, 02 Jun 2009 20:23:39 -0700 vyatta-cfg-firewall (0.13.7-52) unstable; urgency=low * Change firewall default-policy to default-action. -- Stig Thormodsrud Tue, 02 Jun 2009 18:52:16 -0700 vyatta-cfg-firewall (0.13.7-51) unstable; urgency=low * * fix syntax error message -- Mohit Mehta Tue, 02 Jun 2009 18:03:59 -0700 vyatta-cfg-firewall (0.13.7-50) unstable; urgency=low * Make firewall group comp_help more consistent with the rest of the cli. -- Stig Thormodsrud Tue, 02 Jun 2009 15:41:44 -0700 vyatta-cfg-firewall (0.13.7-49) unstable; urgency=low * * add default value of 1 for 'limit burst' in its node.def -- Mohit Mehta Tue, 02 Jun 2009 12:25:46 -0700 vyatta-cfg-firewall (0.13.7-48) unstable; urgency=low * UNRELEASED -- An-Cheng Huang Fri, 29 May 2009 18:35:06 -0700 vyatta-cfg-firewall (0.13.7-47) unstable; urgency=low * Bugfix 4462: Fix typo in interface name references. -- Bob Gilligan Thu, 28 May 2009 15:39:53 -0700 vyatta-cfg-firewall (0.13.7-46) unstable; urgency=low [ Stephen Hemminger ] * remove unused ifrename [ Mohit Mehta ] * explicitly set conntrack table size to 16384 on system boot -- Mohit Mehta Wed, 27 May 2009 14:08:26 -0700 vyatta-cfg-firewall (0.13.7-45) unstable; urgency=low * Fix 4390: Firewall config error: Cannot specify multiple ports when both -- Stig Thormodsrud Thu, 14 May 2009 16:43:44 -0700 vyatta-cfg-firewall (0.13.7-44) unstable; urgency=low * rectify regex check -- Mohit Mehta Wed, 13 May 2009 18:18:58 -0700 vyatta-cfg-firewall (0.13.7-43) unstable; urgency=low * Fix Bug 4394 reject is an invalid action for rules in modify rulesets -- Mohit Mehta Tue, 12 May 2009 12:17:15 -0700 vyatta-cfg-firewall (0.13.7-42) unstable; urgency=low * Add 'reject' as a configurable value for default-policy -- Mohit Mehta Mon, 11 May 2009 16:58:26 -0700 vyatta-cfg-firewall (0.13.7-41) unstable; urgency=low [ Bob Gilligan ] * Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. [ Mohit Mehta ] * Fix Bug 4388 firewall name shouldn't have been set after commit failed -- Mohit Mehta Fri, 08 May 2009 17:19:24 -0700 vyatta-cfg-firewall (0.13.7-40) unstable; urgency=low * * don't allow user to create a chain that exists in the system. This may be -- Mohit Mehta Tue, 05 May 2009 11:51:19 -0700 vyatta-cfg-firewall (0.13.7-39) unstable; urgency=low * * setup table only for specific tree, not both filter and mangle -- Mohit Mehta Fri, 01 May 2009 16:33:59 -0700 vyatta-cfg-firewall (0.13.7-38) unstable; urgency=low * Handle files moved from other packages to this package. -- Bob Gilligan Wed, 29 Apr 2009 16:01:44 -0700 vyatta-cfg-firewall (0.13.7-37) unstable; urgency=low * Rename virtual-ethernet to pseudo-ethernet -- Stephen Hemminger Wed, 29 Apr 2009 12:33:08 -0700 vyatta-cfg-firewall (0.13.7-36) unstable; urgency=low * outlaw applying firewall to an interface that is defined under a zone -- Mohit Mehta Mon, 27 Apr 2009 17:20:49 -0700 vyatta-cfg-firewall (0.13.7-35) unstable; urgency=low * Disable firewall debuging by default. -- Stig Thormodsrud Mon, 27 Apr 2009 15:37:15 -0700 vyatta-cfg-firewall (0.13.7-34) unstable; urgency=low * enable/disable conntrack separately for ipv4/ipv6 -- Stig Thormodsrud Fri, 24 Apr 2009 18:17:26 -0700 vyatta-cfg-firewall (0.13.7-33) unstable; urgency=low * Move setup/teardown out from top-level firewall node. -- Stig Thormodsrud Fri, 24 Apr 2009 16:20:03 -0700 vyatta-cfg-firewall (0.13.7-32) unstable; urgency=low [ Stephen Hemminger ] * Add support for virtual-ethernet [ Bob Gilligan ] * bugfix 4297: Don't allow modify rulesets on local traffic. -- Bob Gilligan Fri, 24 Apr 2009 14:32:27 -0700 vyatta-cfg-firewall (0.13.7-31) unstable; urgency=low * Fix Bug 4261 - Features missing in various firewall sub-trees -- Mohit Mehta Wed, 22 Apr 2009 16:25:44 -0700 vyatta-cfg-firewall (0.13.7-30) unstable; urgency=low * Add conntrack and post firewall hooks for IPv6. -- Bob Gilligan Mon, 13 Apr 2009 15:15:40 -0700 vyatta-cfg-firewall (0.13.7-29) unstable; urgency=low * Move firewall "end" processing down to each table. * Fix bug where an empty firewall rule deletes the default drop policy. -- Stig Thormodsrud Mon, 13 Apr 2009 13:58:29 -0700 vyatta-cfg-firewall (0.13.7-28) unstable; urgency=low * Fix faulty search loop. * Add ability for firename to select default policy. -- Stig Thormodsrud Thu, 09 Apr 2009 11:28:51 -0700 vyatta-cfg-firewall (0.13.7-27) unstable; urgency=low * Apply interface firewalls to separate VYATTA_(IN|OUT)_HOOK. -- Stig Thormodsrud Tue, 07 Apr 2009 19:46:53 -0700 vyatta-cfg-firewall (0.13.7-26) unstable; urgency=low * Bugfix 4261: Add support to configure "limit" for IPv6 modify rulesets. -- Bob Gilligan Fri, 03 Apr 2009 14:21:44 -0700 vyatta-cfg-firewall (0.13.7-25) unstable; urgency=low * Bugfix 4261: Add support to configure "limit" in IPv6. -- Bob Gilligan Fri, 03 Apr 2009 14:13:10 -0700 vyatta-cfg-firewall (0.13.7-24) unstable; urgency=low [ Stig Thormodsrud ] * Allow user configurable default-policy on firewall. * Revert "Allow user configurable default-policy on firewall." [ Stephen Hemminger ] * Cleanup perl code that generates templates [ Stig Thormodsrud ] * Remove extra carriage return that was breaking the generated firewall -- Stig Thormodsrud Tue, 31 Mar 2009 18:02:34 -0700 vyatta-cfg-firewall (0.13.7-23) unstable; urgency=low * * add 'redirect' to Valid ICMPv6 Types -- Mohit Mehta Thu, 26 Mar 2009 11:32:39 -0700 vyatta-cfg-firewall (0.13.7-22) unstable; urgency=low * Doing strict ES won't work for router -- Stephen Hemminger Fri, 13 Mar 2009 10:19:02 -0700 vyatta-cfg-firewall (0.13.7-21) unstable; urgency=low * Enable strict host matching * Don't use -P -- Stephen Hemminger Thu, 12 Mar 2009 11:32:50 -0700 vyatta-cfg-firewall (0.13.7-20) unstable; urgency=low * Bugfix 4203: Name of template should be classical-ipoa, not classical_ipoa -- Bob Gilligan Tue, 10 Mar 2009 16:34:31 -0700 vyatta-cfg-firewall (0.13.7-19) unstable; urgency=low * Automatically generate more per-interface firewall templates. -- Bob Gilligan Mon, 09 Mar 2009 11:19:04 -0700 vyatta-cfg-firewall (0.13.7-18) unstable; urgency=low * Remove per-interface firewall templates; They are now generated. -- Bob Gilligan Fri, 06 Mar 2009 17:09:08 -0800 vyatta-cfg-firewall (0.13.7-17) unstable; urgency=low * Don't attempt to delete ruleset from "other" trees -- Bob Gilligan Wed, 04 Mar 2009 12:00:51 -0800 vyatta-cfg-firewall (0.13.7-16) unstable; urgency=low * Fix generated templates for ethernet vifs. -- Bob Gilligan Tue, 03 Mar 2009 18:15:47 -0800 vyatta-cfg-firewall (0.13.7-15) unstable; urgency=low [ Stig Thormodsrud ] * Revert "Make sure to quote $VAR(@)." * Use single quote around $VAR(@). [ Bob Gilligan ] * The generated-templates directory holds only derived files. [ Stig Thormodsrud ] * Add allow/comp_help to firewall action. * Limit address range to a /24, but make easy to change if it's deam too restrictive. * Prevent ';' from being used in a firewall name. * Fix 3422: fw logging fails if logprefix is too long (> 29 characters) -- Stig Thormodsrud Sun, 01 Mar 2009 12:17:09 -0800 vyatta-cfg-firewall (0.13.7-14) unstable; urgency=low [ Stig Thormodsrud ] * Limit firewall name to 29 characters since that is the iptables/ip6tables [ Mohit Mehta ] * add ipv6 accept_redirects and accept_source_route under firewall [ Stig Thormodsrud ] * Make sure to quote $VAR(@). [ Mohit Mehta ] -- Mohit Mehta Tue, 24 Feb 2009 18:56:15 -0800 vyatta-cfg-firewall (0.13.7-13) unstable; urgency=low [ Mohit Mehta ] * Fix Bug 4150 enable loose reverse path filtering [ Bob Gilligan ] * Allow IPv6 firewall rulesets to be configured on an interface independent of IPv4. -- Bob Gilligan Tue, 24 Feb 2009 16:43:15 -0800 vyatta-cfg-firewall (0.13.7-12) unstable; urgency=low * Add "ipv6-modify" firewall configuration sub-tree. -- Bob Gilligan Mon, 23 Feb 2009 12:00:44 -0800 vyatta-cfg-firewall (0.13.7-11) unstable; urgency=low * Fix Bug 3951 default values for kernel tunable security parameters under firewall * Fix Bug 3951 default values for kernel tunable security parameters under firewall -- Mohit Mehta Thu, 19 Feb 2009 19:14:17 -0800 vyatta-cfg-firewall (0.13.7-10) unstable; urgency=low * Multiple updates for IPv6: -- Bob Gilligan Wed, 18 Feb 2009 16:52:51 -0800 vyatta-cfg-firewall (0.13.7-9) UNRELEASED; urgency=low * Add check for address range starting with higher address. * Add natural-order sort for displaying address/network groups. -- Stig Thormodsrud Mon, 16 Feb 2009 13:28:42 -0800 vyatta-cfg-firewall (0.13.7-8) UNRELEASED; urgency=low * Add support for ranges in firewall group address & port. * Change delete_member_range to use the same subnet prefix. * Reduce duplicate code. -- Stig Thormodsrud Mon, 16 Feb 2009 11:59:41 -0800 vyatta-cfg-firewall (0.13.7-7) unstable; urgency=low [ Mohit Mehta ] * no need to use loop to echo allowed values [ Stig Thormodsrud ] * Add allow values for firewall groups. * Add firewall group nodes to firewall modify. * Add check for combining network-group and address-group. * Add support for "show firewall group". * Cache exists() to reduce calls to external /usr/sbin/ipset. * Add show-set to display all sets. [ Mohit Mehta ] * Fix Bug 4074 firewall broadcast ping parameter needs to be clarified [ Stig Thormodsrud ] * Add description and references to "show firewall group". * Make "show firewall group" work for operator. -- Stig Thormodsrud Fri, 13 Feb 2009 20:52:51 -0800 vyatta-cfg-firewall (0.13.7-6) unstable; urgency=low [ Stig Thormodsrud ] * Add back parameter that was dropped when converting to use run_cmd(). * Add more firewall group validation before calling ipset. * Add more validation of firewall network-group before calling ipset. * Add space in front of match rule just in case other match rules don't. * Clean up mapping between vyatta firewall group_type vs ipset set_type. * Change sudo usage to be more consistent. * Add check for combination of IP range and network-group. [ Mohit Mehta ] * better off storing icmp type-names than depend on iptables help -- Mohit Mehta Thu, 12 Feb 2009 17:33:55 -0800 vyatta-cfg-firewall (0.13.7-5) unstable; urgency=low * Delete commented out code. * Add validation of group type. * Add carriage return to error message. -- Stig Thormodsrud Mon, 09 Feb 2009 10:22:42 -0800 vyatta-cfg-firewall (0.13.7-4) unstable; urgency=low * changing debian version string -- Mohit Mehta Thu, 05 Feb 2009 18:52:36 -0800 vyatta-cfg-firewall (0.13.7-3) unstable; urgency=low [ Stig Thormodsrud ] * Reduce duplicate code. * Reduce duplicate code in setup/setupOrig. * Add validation that group and non-groups can't be used in the same src/dst rule. * Reduce duplicate code in setup/setupOrig. [ Mohit Mehta ] * display appropriate anywhere address depending on IPv4 or IPv6 -- Mohit Mehta Thu, 05 Feb 2009 18:41:00 -0800 vyatta-cfg-firewall (0.13.7-2) unstable; urgency=low [ Bob Gilligan ] * Rever to specific IP version in help text. * Bugfix 4052: Support PPPOE over an ethernet VIF. [ Stig Thormodsrud ] * Add 1st pass of firewall group support (ipset netfilter module * Fix call to returnValue that should be returnOrigValue. [ Stephen Hemminger ] * Remove prototype * Enable strict checking * Fix perlcritic warnings * Turn on strict checking and fix warnings -- Stephen Hemminger Tue, 03 Feb 2009 09:24:52 -0800 vyatta-cfg-firewall (0.13.7-1) unstable; urgency=low * Fix Bug 2741 ENH: filter based on ICMP Type/code by name -- Mohit Mehta Fri, 30 Jan 2009 18:39:18 -0800 vyatta-cfg-firewall (0.13.7) unstable; urgency=low [ Bob Gilligan ] * Add support for IPv6 address ranges. [ Mohit Mehta ] * Use iptables comment to identify CLI rule numbers in iptables output -- Mohit Mehta Fri, 30 Jan 2009 11:17:19 -0800 vyatta-cfg-firewall (0.13.6) unstable; urgency=low * Fix Bug 2474 https://bugzilla.vyatta.com/show_bug.cgi?id=2474 -- Mohit Mehta Mon, 26 Jan 2009 16:45:01 -0800 vyatta-cfg-firewall (0.13.5) unstable; urgency=low * Bugfix 4062: Don't reference parameters outside the config tree. -- Bob Gilligan Fri, 23 Jan 2009 14:09:27 -0800 vyatta-cfg-firewall (0.13.4) unstable; urgency=low * Initial support for IPv6. -- Bob Gilligan Thu, 22 Jan 2009 13:36:29 -0800 vyatta-cfg-firewall (0.13.3) unstable; urgency=low * UNRELEASED * - Fix Bug 2223 Add rate rate limiting / burst limiting functions to the Vyatta firewall * Fix Bug 3653 Add the ability to configure time-based firewall rules * Fix Bug 3653 Add the ability to configure time-based firewall rules -- Mohit Mehta Fri, 16 Jan 2009 18:33:11 -0800 vyatta-cfg-firewall (0.13.2) unstable; urgency=low * UNRELEASED * Fix Bug 3653 Add the ability to configure time-based firewall rules -- Mohit Mehta Tue, 13 Jan 2009 18:09:11 -0800 vyatta-cfg-firewall (0.13.1) unstable; urgency=low [ An-Cheng Huang ] * add support for development build [ Stephen Hemminger ] * Rename VyattaIpTablesRule to Vyatta::IpTables::Rule * Convert to Vyatta::Config * Convert VyattaConfig to Vyatta::Config * Fix reference to Vyatta::Misc [ An-Cheng Huang ] * fix for perl module reorganization * add ipp2p config options [ Stig Thormodsrud ] * Convert to use Vyatta:: [ Bob Gilligan ] * Cleanup firewall templates for readability. Update help strings to reflect IPv4. [ Stig Thormodsrud ] * Warning are now enabled - don't reference undefined values. [ An-Cheng Huang ] * update maintainer information * "files" file should be removed before package build [ Stig Thormodsrud ] * Fix 3626: Not all protocol numbers are accepted in firewall rules. * Fix 2563: Add firewall-rule specific disable configuration parameter. [ An-Cheng Huang ] -- An-Cheng Huang Thu, 08 Jan 2009 09:20:14 -0800 vyatta-cfg-firewall (0.13) unstable; urgency=low 3.2.0 [ Mark O'Brien ] [ Bob Gilligan ] * Bugfix: 3684 [ Stephen Hemminger ] * add firewall hooks for ethernet bonding [ An-Cheng Huang ] * fix for bug 3622: add pre-SNAT hook * fix for bug 3604: add fragment matching options * fix conntrack enabling mechanism * fix for bug 2224: add "recent" matching [ Mark O'Brien ] -- Mark O'Brien Tue, 25 Nov 2008 19:08:40 -0800 vyatta-cfg-firewall (0.12) unstable; urgency=low 3.1.3 [ Mark O'Brien ] [ An-Cheng Huang ] * fix conntrack enabling mechanism [ Mark O'Brien ] -- Mark O'Brien Tue, 19 Aug 2008 17:48:24 -0700 vyatta-cfg-firewall (0.11) unstable; urgency=low 3.1.1 [ Mark O'Brien ] [ An-Cheng Huang ] * increment firewall config syntax version for hollywood. [ Mark O'Brien ] -- Mark O'Brien Sat, 28 Jun 2008 11:22:07 -0700 vyatta-cfg-firewall (0.10) unstable; urgency=low 3.1.0 [ Mark O'Brien ] [ Stephen Hemminger ] * Use regular snmpd [ Bob Gilligan ] * Bugfix: 2120 * Bugfix: 2122 [ rbalocca ] * Add vyatta-snmpd [ An-Cheng Huang ] * rename "mangle" to "modify" [ rbalocca ] * Ignore derived files [ An-Cheng Huang ] * allow firewall rule to match inbound IPsec packets. * add "inspect" action (maps to QUEUE) so "custom" traffic-filter for IPS * add mangle table support to firewall configuration. initial implementation [ rbalocca ] * Convert to our method of changelog creation [ Bob Gilligan ] * Add firewall templates for PPPOA, PPPOE, and classical IP over ATM, on [ Mohit Mehta ] * Fix Bug 3069 Help strings should be standardized [ An-Cheng Huang ] * add post-firewall hook for other features * fix for bug 3127: look for an exact match to replace/delete. [ Mark O'Brien ] -- Mark O'Brien Tue, 17 Jun 2008 09:26:05 -0700 vyatta-cfg-firewall (0.9) unstable; urgency=low 3.0.5 -- Mark O'Brien Tue, 06 May 2008 12:43:09 -0700 vyatta-cfg-firewall (0.8) unstable; urgency=low 3.0.4 -- Mark O'Brien Mon, 05 May 2008 16:40:28 -0700 vyatta-cfg-firewall (0.7) unstable; urgency=low 3.0.3 [ Mark O'Brien ] [ rbalocca ] * Indicate the VC4.0.2 release candidate in the changelog [ Mark O'Brien ] -- Mark O'Brien Tue, 29 Apr 2008 16:42:09 -0700 vyatta-cfg-firewall (0.6) unstable; urgency=low VC4.0.2 [ Mark O'Brien ] [ An-Cheng Huang ] * fix for bug 3167: get the actual return status from iptables. * fix for bug 3167: disallow multiport specification if both source and [ Mark O'Brien ] -- Mark O'Brien Sat, 19 Apr 2008 11:55:56 -0700 vyatta-cfg-firewall (0.5) unstable; urgency=low VC4.0.2 release candidate [ Mark O'Brien ] [ An-Cheng Huang ] * fix for bug 3127: look for an exact match to replace/delete. [ Mark O'Brien ] -- Mark O'Brien Wed, 16 Apr 2008 09:49:51 -0700 vyatta-cfg-firewall (0.4) unstable; urgency=low 3.0.2 [ Mark O'Brien ] * 3.0.1 [ rbalocca ] * Fix debian dependencies * Set dependencies on either bash or vyatta-bash [ Mark O'Brien ] -- Mark O'Brien Fri, 04 Apr 2008 18:00:16 -0700 vyatta-cfg-firewall (0.3) unstable; urgency=low VC4.0.1 [ Mark O'Brien ] [ An-Cheng Huang ] * fix a problem in the interaction between "firewall" and "interfaces". [ Stephen Hemminger ] * Replace VPL with GPLv2 * Change to GPLv2 * Update debian/copyright for GPLv2 * update from VPL1 to GPLv2 [ Mark O'Brien ] -- Mark O'Brien Tue, 18 Mar 2008 19:03:26 -0700 vyatta-cfg-firewall (0.2) unstable; urgency=low vc4.0.0 [ Mark O'Brien ] [ An-Cheng Huang ] * convert templates to new syntax * fix for bug 2591: update help text * fix for bug 2528: collapse source/destination "address" and "network". * fix for bug 2789: merge port configuration options. * merge ports in show output * merge address range into address * add address validation * move common module to vyatta-cfg [ Bob Gilligan ] * Extend firewall support to PPPOE interfaces. [ Stig Thormodsrud ] * Add firewall node to tunnel interface * Remove vif node as it's not valid for tunnel interfaces. [ Mark O'Brien ] -- Mark O'Brien Mon, 25 Feb 2008 17:38:04 -0800 vyatta-cfg-firewall (0.1) unstable; urgency=low * Initial Release. -- Bob Gilligan Mon, 10 Dec 2007 11:03:18 -0700